List: gcc-bugs
Subject: [Bug middle-end/81400] Stack smashing not caught by stack protector strong and allowing me to stack
From: "amonakov at gcc dot gnu.org" <gcc-bugzilla () gcc ! gnu ! org>
Date: 2017-07-31 13:27:54
Message-ID: bug-81400-4-Rsv8Y3v7ua () http ! gcc ! gnu ! org/bugzilla/
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81400
Alexander Monakov <amonakov at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |amonakov at gcc dot gnu.org
--- Comment #6 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
TLS canary is initialized by the libc; in Glibc sources you can grep for
THREAD_STACK_SET_GUARD.
In this example the leftmost byte of the SSP canary is overwritten by a zero.
This does not change the canary because Glibc deliberately zeroes that leftmost
byte (presumably, to harden against information-leak attacks when a string
function like strcpy can be used to copy the canary value in an
attacker-controlled manner):
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/dl-osinfo.h;h=823cd8224df939134018fbd8f0227e9f501393ab;hb=HEAD#l63
So what is the GCC bug here? What do we want to change?
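The situation described in the comment, as an added example (not glibc's or GCC's code): a model of a canary whose lowest-addressed byte is cleared, a hypothetical frame with a 16-byte buffer directly below the saved canary, and which overruns the epilogue comparison does and does not notice. The frame layout and the constructed canary input are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
/* Model of the glibc step cited in the comment (not glibc's code): the
   canary is random except that its lowest-addressed byte is cleared, so the
   value always contains a NUL wherever it is stored. Endianness-neutral. */
static uintptr_t glibc_style_canary(uintptr_t random_bits)
{
    unsigned char b[sizeof random_bits];
    memcpy(b, &random_bits, sizeof b);
    b[0] = 0;                              /* leftmost byte in memory */
    memcpy(&random_bits, b, sizeof b);
    return random_bits;
}
/* Hypothetical frame in the layout -fstack-protector produces: the local
   buffer sits directly below the saved canary copy. */
struct frame { char buf[16]; uintptr_t canary; };

/* strcpy-style copy into buf with no bounds check. Returns 1 if the
   epilogue comparison against the TLS copy still passes, 0 if the stack
   protector would abort. */
static int copy_and_check(uintptr_t tls_canary, const char *src)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = tls_canary;
    memcpy(&f, src, strlen(src) + 1);      /* may run into f.canary */
    return f.canary == tls_canary;
}

/* Offset at which a string function scanning an unterminated buf stops:
   the NUL inside the canary ends the scan, so the canary is not copied. */
static size_t visible_length(uintptr_t tls_canary)
{
    struct frame f;
    memset(f.buf, 'A', sizeof f.buf);
    f.canary = tls_canary;
    const unsigned char *end = memchr(&f, 0, sizeof f);
    return end ? (size_t)(end - (const unsigned char *)&f) : sizeof f;
}

int main(void)
{
    uintptr_t c = glibc_style_canary(~(uintptr_t)0);        /* constructed */
    printf("15 chars ok: %d\n", copy_and_check(c, "fifteen chars!!"));   /* 1 */
    printf("16 chars ok: %d  <- NUL hits the zero byte\n", copy_and_check(c, "sixteen chars!!!")); /* 1 */
    printf("17 chars ok: %d\n", copy_and_check(c, "seventeen chars!!")); /* 0 */
    printf("string scan stops at %zu\n", visible_length(c));            /* 16 */
    return 0;
}
```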